NSA civilian employee stripped of clearance due to ties with Snowden

The employee resigned amid allegations that he let Snowden use his access to NSANet.

On Thursday, NBC News published a memo from the NSA, reporting that an unnamed civilian employee of the agency had been linked to leaks made by former NSA contractor Edward Snowden.

The employee, the memo said, allowed Snowden to use his “Public Key Infrastructure (PKI) certificate to access classified information on NSANet; access that he knew had been denied to Mr. Snowden.” The NSA further alleges that Snowden asked the employee to enter his PKI password on Snowden's computer, on which he “was able to capture the password” without the employee's knowledge.

“The civilian was not aware that Mr. Snowden intended to unlawfully disclose classified information,” read the memo. "However, by sharing his PKI certificate, he failed to comply with security obligations." The employee had his security clearance revoked in November and resigned in January.

The memo was addressed to congressional intelligence and judiciary committees and was sent February 10. The New York Times notes that the memo was intended to respond to the committees' questions about accountability for the security lapses that allowed Snowden so much access within the NSA's system. “The answer appeared to suggest that no senior officials of the NSA or its oversight organization, the office of the director of national intelligence, will be disciplined or fired for what officials have called the largest and most damaging disclosure of classified material in American history,” wrote the Times.

Back in November, Reuters sources said that Snowden convinced “20 to 25” of his coworkers to give him their login credentials. So far, however, only three people have been disciplined—the civilian NSA employee, as well as an active duty military member and another contractor. The two latter were not employees of the NSA, so while their access to NSA information was revoked, their employers are responsible for disciplinary action.

89 Reader Comments

“The answer appeared to suggest that no senior officials of the NSA or its oversight organization, the office of the director of national intelligence, will be disciplined or fired for what officials have called the largest and most damaging disclosure of classified material in American history,” wrote the Times.

The thing that bothers me here is that if this really is the "largest and most damaging disclosure", then why aren't they behaving like it is so? As others have noted, finding some low level flunkies to scapegoat is more about face saving than about making things right after a huge leak of classified material.

But even if you got rid of the polygraph, all you're gaining is you don't have to sit in such an uncomfortable chair and have your arm fall asleep. The investigation would still be highly intrusive, and you'd have to give up all kinds of personal information to the government, and that's what makes it suck.

But a background check is still necessary. It just needs to be improved upon, and it should always be recognized that anyone is susceptible to corruption.

“The answer appeared to suggest that no senior officials of the NSA or its oversight organization, the office of the director of national intelligence, will be disciplined or fired for what officials have called the largest and most damaging disclosure of classified material in American history,” wrote the Times.

The thing that bothers me here is that if this really is the "largest and most damaging disclosure", then why aren't they behaving like it is so? As others have noted, finding some low level flunkies to scapegoat is more about face saving than about making things right after a huge leak of classified material.

The government's response has pretty much been duck and cover. They understand that the real damage is to the NSA's reputation, not the actual disclosure of classified information. Since Obama wants to keep the metadata program going, he hasn't been in a hurry to roll any heads, while Congress is more interested in posturing and scoring political points than in really addressing the serious issues at hand.

Somebody call the whambulance. Our incredibly incompetent spies did something incompetent and a few of them are getting punished for it. I don't know why higher up heads haven't rolled over the incredibly lax security that let Snowden get access in the first place.

You really think higher heads are going to roll? BWAHAHAHAHAHA! Forget it. The higher up people are the movers and shakers that know the things that the United States truly does not want to get out (assassinations and extreme renditions) so they are not going to be disciplined.

"However, by sharing his PKI certificate, not implementing anti-leak software, he the NSA's Remote Operations Center facility in Hawaii, failed to comply with security obligations."

Fixed.

(a)It's like body armor. Anyone who gets shot could have been wearing a piece of armor right where they got shot. It's damned heavy, though, so everyone wants to wear the least amount of armor possible.

The same is true when you're working in secure systems, you can install all this software, airgap your networks and have all sorts of elaborate procedures, but at some point you do have to get work done.

And, really, if it was just a lack of installing enough magic anti-hacker software, Snowden wouldn't have needed to get other people to give him their logins. The bottom line is(b) people had to violate agreements they signed for this to happen.

It's a pretty incredible claim that he had credentials for two dozen people. Whether or not you think polys work, most people in that area think they do. So they might initially agree to give out a login, but it's pretty amazing that no one reported it.

The most I've asked of others is to login in for me. I wouldn't ask for their login credentials, and wouldn't even go there if they said that I shouldn't be on in the first place (making the logging in for me a no go).